mbedtls

Author	SHA1	Message	Date
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Jerry Yu	c2b1bc4fb6	replace early data permission check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:46 +08:00
Ronald Cron	a1e867c676	Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE	2023-12-05 08:31:24 +00:00
Yanray Wang	744577a429	tls13: early_data: cli: check a PSK has been selected in EE Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 23:03:37 +08:00
Yanray Wang	9ae6534c20	tls13: early_data: cli: improve comment This commit improves comment of why we assign the identifier of the ciphersuite in handshake to `ssl->session_negotiate`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 17:46:08 +08:00
Yanray Wang	03a00768c0	tls13: early_data: cli: improve comment This commit improves comment of the check for handshake parameters in Encrypted Extension. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 17:40:21 +08:00
Yanray Wang	e72dfff1d6	tls13: early_data: cli: improve comment Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 12:05:16 +08:00
Yanray Wang	2bef7fbc8d	tls13: early_data: cli: remove guard to fix failure Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 12:02:56 +08:00
Yanray Wang	b3e207d762	tls13: early_data: cli: rename early_data parser in nst Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 16:49:51 +08:00
Yanray Wang	0790041dc6	Revert "tls13: early_data: cli: remove nst_ prefix" This reverts commit `3781ab40fb`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 16:44:44 +08:00
Yanray Wang	f4bad42670	itls13: early_data: cli: improve comment Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 15:58:07 +08:00
Yanray Wang	a29db7da2e	tls13: early_data: cli: assign ciphersuite properly When early_data extension is enabled and sent in ClientHello, the client does not know if the server will accept early data and select the first proposed pre-shared key with a ciphersuite that is different from the ciphersuite associated to the selected pre-shared key. To address aforementioned case, we do associated verification when parsing early_data ext in EncryptedExtensions. Therefore we have to assign the ciphersuite in current handshake to session_negotiate later than the associated verification. This won't impact decryption of EncryptedExtensions since we compute handshake keys by the ciphersuite in handshake not via the one in session_negotiate. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 14:27:38 +08:00
Yanray Wang	3781ab40fb	tls13: early_data: cli: remove nst_ prefix Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-23 18:17:14 +08:00
Yanray Wang	d012084e91	tls13: early_data: cli: optimize code - remove unnecessary check - using local variable session Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-23 16:38:20 +08:00
Yanray Wang	554ee62fba	tls13: early_data: fix wrong debug_ret message Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 18:55:03 +08:00
Yanray Wang	5da8ecffe6	tls13: nst early_data: remove duplicate code Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 18:52:21 +08:00
Yanray Wang	920db45818	tls13: early_data: support to parse max_early_data_size ext Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 10:33:11 +08:00
Jerry Yu	8e0174ac05	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	342a555eef	rename ticket received Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	46c7926f74	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	cebffc3446	change time unit of ticket to milliseconds Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Tom Cosgrove	53199b1c0a	Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension	2023-11-07 13:59:13 +00:00
Dave Rodgman	4eb44e4780	Standardise some more headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:15:12 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Jerry Yu	960b7ebbcf	move psk check to EE message on client side early_data extension is sent in EE. So it should not be checked in SH message. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:18 +08:00
Dave Rodgman	2eab462a8c	Fix IAR warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 13:30:37 +01:00
Gilles Peskine	e820c0abc8	Update spelling "mbed TLS" to "Mbed TLS" The official spelling of the trade mark changed from all-lowercase "mbed" to normal proper noun capitalization "Mbed" a few years ago. We've been using the new spelling in new text but still have the old spelling in a lot of text. This commit updates most occurrences of "mbed TLS": ``` sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/*' ':!tests/suites/.data' ':!programs/x509/' ':!configs/tfm') ``` Justification for the omissions: * `ChangeLog`: historical text. * `test/data_files/*`, `tests/suites/.data`, `programs/x509/`: many occurrences are significant names in certificates and such. Changing the spelling would invalidate many signatures and tests. `configs/tfm*`: this is an imported file. We'll follow the upstream updates. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:18:17 +02:00
Valerio Setti	c9ae862225	tls: use TLS 1.3 guards in ssl_tls13 modules Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-25 11:23:50 +02:00
Valerio Setti	ea59c43499	tls: fix a comment a rename a variable/symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-25 11:14:03 +02:00
Valerio Setti	3d237b5ff1	ssl_misc: fix guards for PSA data used in XXDH key exchanges Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-07 19:02:16 +02:00
Przemek Stekiel	408569f91a	Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-06 12:16:44 +02:00
Przemek Stekiel	7ac93bea8c	Adapt names: dh -> xxdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Przemek Stekiel	d5f79e7297	Adapt functions names for ffdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Przemek Stekiel	6f199859b6	Adapt handshake fields to ffdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:25:00 +02:00
Valerio Setti	dbd01cb677	tls13: fix guards for PSA error translating function Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-04 09:18:52 +02:00
Manuel Pégourié-Gonnard	56b159a12a	Merge pull request #7627 from mprse/ffdh_tls13_v2 Make use of FFDH keys in TLS 1.3 v.2	2023-07-03 10:12:33 +02:00
Przemek Stekiel	a05e9c1ec8	Fix selection of default FFDH group Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-15 17:07:16 +02:00
Przemek Stekiel	7d42c0d0e5	Code cleanup #2 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 12:30:40 +02:00
Andrzej Kurek	a6033ac431	Add missing guards in tls 1.3 Error translation is only used with these defines on. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:47 -04:00
Andrzej Kurek	1e4a030b00	Fix wrong array size calculation in error translation code Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:47 -04:00
Andrzej Kurek	0064484a70	Optimize error translation code size Introducing an intermediate function saves code size that's otherwise taken by excessive, repeated arguments in each place that was translating errors. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:46 -04:00
Przemek Stekiel	75a5a9c205	Code cleanup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 09:57:23 +02:00
Przemek Stekiel	29c219c285	Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:09 +02:00
Przemek Stekiel	c89f3ea9f2	Add support for FFDH in TLS 1.3 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard	02b10d8266	Add missing include Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	1f2a587cdf	Use actual function instead of static inline Large static inline functions used from several translation units in the library are bad for code size as we end up with multiple copies. Use the actual function instead. There's already a comment that says so. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	2d6d993662	Use MD<->PSA functions from MD light As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
YxC	da609130f3	fix: correct calling to time function in tls13 client&server Call `mbedtls_time` to handle the case when MBEDTLS_PLATFORM_TIME_MACRO is defined Signed-off-by: Yuxiang Cao <yuxiang.cao@fortanix.com>	2023-05-22 13:22:00 -07:00

1 2 3 4 5 ...

443 commits